On Tue, Aug 5, 2025 at 5:59 AM Subbareddy Alamuru <
subbareddy.alam...@sycamoreinformatics.com> wrote:

> Hi Nick,
>
> I have all these items configured but still I am receiving the
> error message
> "ERROR c.onelogin.saml2.authn.SamlResponse - The response was received at
> http://xxx.com/api/ext/saml/callback instead of
> https://xxx.com/api/ext/saml/callback"
>
> location / {
>             proxy_pass http://guacamole:8080/;  # NOTE: trailing slash is CRITICAL
>             proxy_http_version 1.1;
>
>             proxy_set_header X-Real-IP           $remote_addr;
>             proxy_set_header X-Forwarded-For     $proxy_add_x_forwarded_for;
>             proxy_set_header X-Forwarded-Proto   $scheme;
>             proxy_set_header Host                $host;
>             proxy_set_header X-Forwarded-Host    $host;
>             proxy_set_header X-Forwarded-Server  $host;
>             proxy_set_header Upgrade             $http_upgrade;
>             proxy_set_header Connection          $http_connection;
>
>             proxy_redirect http:// https://;
>
>             proxy_buffering off;
>             proxy_request_buffering off;
>             proxy_read_timeout 1d;
>             proxy_send_timeout 1d;
>         }
>
>
And you have the saml-callback-url in guacamole.properties set with the
correct, HTTPS-based address? And does your IdP configuration (Microsoft
Entra) point at the correct URL (with https vs. http)?

Also, is your Tomcat instance set up to accept the Remote IP information
from the proxy server, like so:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
               internalProxies="127\.0\.0\.1"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto" />

(Note that final protocolHeader entry in the Valve block - that'll be
important for allowing the https to be passed through.)

-Nick
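
How the nginx headers and the Valve attributes quoted above interact, as an added example that is not part of the original thread and is not Tomcat's code: a simplified Python model of the RemoteIpValve scheme decision (trustedProxies and port handling are left out). The peer addresses and header sets are constructed sample values.

```python
import re

def effective_scheme(peer_addr, headers, internal_proxies=r"127\.0\.0\.1",
                     protocol_header="x-forwarded-proto",
                     https_value="https", connector_scheme="http"):
    """Return (scheme, reason) as the web application behind the valve sees it.

    peer_addr is the TCP source address of the proxy as seen by Tomcat,
    not the browser's address carried in X-Forwarded-For.
    """
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    # Forwarded headers are honoured only when the connecting peer fully
    # matches internalProxies; otherwise the connector's own scheme is kept.
    if not re.fullmatch(internal_proxies, peer_addr):
        return connector_scheme, f"peer {peer_addr} not in internalProxies, headers ignored"
    value = hdrs.get(protocol_header.lower())
    if value is None:
        return connector_scheme, f"{protocol_header} not sent by the proxy"
    if value.lower() == https_value.lower():
        return "https", "trusted proxy reported https"
    return "http", f"{protocol_header} is {value!r}, not {https_value!r}"

# Constructed cases: (description, peer address, headers, internalProxies regex)
CASES = [
    ("nginx on the same host as Tomcat",
     "127.0.0.1", {"X-Forwarded-Proto": "https"}, r"127\.0\.0\.1"),
    ("nginx in another container, valve left at 127.0.0.1",
     "172.18.0.3", {"X-Forwarded-Proto": "https"}, r"127\.0\.0\.1"),
    ("same container setup, internalProxies widened to the bridge network",
     "172.18.0.3", {"X-Forwarded-Proto": "https"}, r"172\.18\.0\.\d+"),
    ("TLS ended before nginx, so $scheme evaluated to http",
     "127.0.0.1", {"X-Forwarded-Proto": "http"}, r"127\.0\.0\.1"),
]

if __name__ == "__main__":
    for desc, peer, hdrs, proxies in CASES:
        scheme, reason = effective_scheme(peer, hdrs, internal_proxies=proxies)
        print(f"{desc}: {scheme} ({reason})")
```

Any case that resolves to http is one where the application would build an http:// view of the callback URL even though the browser used https.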
